nanog mailing list archives
Re: nLayer IP transit
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Fri, 2 Aug 2013 14:56:22 -0500
On Fri, Aug 02, 2013 at 07:11:34AM +1000, Mark Tees wrote:
Thanks for the replies. I think I saw somewhere around the Cloudflare outage post someone mentioning that since the person at Juniper that was responsible for Flowspec left it all went down hill. I take it then Flowspec is still used internally then? I am still wondering if its best to avoid Flowspec and roll your own firewall rules applied via Netconf for transit interfaces to achieve the same sort of functionality.
It's a lot less likely to go south if you control the routes that go into the system. That said, it still breaks some things just by having it enabled (like NSR, though I suppose one could argue that NSR breaks itself :P), so you might be better served with a netconf distribution of rules if you want to avoid those potential issues. -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Current thread:
- nLayer IP transit Mark Tees (Jul 31)
- Re: nLayer IP transit Patrick W. Gilmore (Jul 31)
- Re: nLayer IP transit Saku Ytti (Jul 31)
- Re: nLayer IP transit Alexandre Snarskii (Aug 01)
- Re: nLayer IP transit Saku Ytti (Aug 01)
- Re: nLayer IP transit Alexandre Snarskii (Aug 01)
- Re: nLayer IP transit Richard A Steenbergen (Aug 01)
- Re: nLayer IP transit Mark Tees (Aug 01)
- Re: nLayer IP transit Richard A Steenbergen (Aug 02)
- Re: nLayer IP transit Mark Tees (Aug 01)